Vulnerabilities > Typora > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-12 | CVE-2024-41481 | Cross-site Scripting vulnerability in Typora Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the Mermaid component. | 6.1 |
| 2024-08-12 | CVE-2024-41482 | Cross-site Scripting vulnerability in Typora Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the MathJax component. | 6.1 |
| 2023-09-01 | CVE-2023-39703 | Cross-site Scripting vulnerability in Typora A cross site scripting (XSS) vulnerability in the Markdown Editor component of Typora v1.6.7 allows attackers to execute arbitrary code via uploading a crafted Markdown file. | 6.1 |
| 2023-08-19 | CVE-2023-2971 | Path Traversal vulnerability in Typora Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". | 6.5 |
| 2023-06-20 | CVE-2020-21058 | Cross-site Scripting vulnerability in Typora 0.9.79 Cross Site Scripting vulnerability in Typora v.0.9.79 allows a remote attacker to execute arbitrary code via the mermaid sytax. | 6.1 |
| 2022-12-07 | CVE-2022-43668 | Cross-site Scripting vulnerability in Typora Typora versions prior to 1.4.4 fails to properly neutralize JavaScript code, which may result in executing JavaScript code contained in the file when opening a file with the affected product. | 6.1 |
| 2021-08-19 | CVE-2020-18748 | Cross-site Scripting vulnerability in Typora 0.9.65 Cross Site Scripting (XSS) in Typora v0.9.65 allows attackers to execute arbitrary code via mathjax syntax due to a mathjax configuration error in the mathematical formula blocks. | 4.3 |
| 2021-05-26 | CVE-2020-18221 | Cross-site Scripting vulnerability in Typora Cross Site Scripting (XSS) in Typora v0.9.65 and earlier allows remote attackers to execute arbitrary code by injecting commands during block rendering of a mathematical formula. | 4.3 |
| 2021-02-05 | CVE-2020-18737 | Cross-site Scripting vulnerability in Typora 0.9.67 An issue was discovered in Typora 0.9.67. | 4.3 |
| 2020-01-09 | CVE-2019-20374 | Cross-site Scripting vulnerability in Typora A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81 on Linux leads to Remote Code Execution through Mermaid code blocks. | 6.8 |